Microsoft Azure Fundamentals (AZ-900) (AZ-900) practice questions

A new cloud customer wants to know which responsibility they retain no matter whether they adopt IaaS, PaaS, or SaaS. Which set always stays with the customer?

• ATheir stored data and their accounts and identitiescheck_circle Correct
• BThe physical datacentre and the racks within it
• CThe physical network that links the servers
• DThe physical hosts that run the workloads

Why A is correct: Correct. Across the shared responsibility model, data or information stored in the cloud and the accounts and identities of people, services, and devices are listed as always the customer's, irrespective of whether the service is IaaS, PaaS, or SaaS, because only the customer can govern who and what they trust.

Why B is wrong: The physical datacentre is real and tempting because the customer pays for capacity, but the model lists it as always the provider's responsibility, never the customer's.

Why C is wrong: The physical network is a genuine shared-responsibility item, yet the model assigns the physical network to the provider in every service model, not the customer.

Why D is wrong: Physical hosts feel customer-adjacent because workloads run on them, but the model places the physical hosts permanently with the provider regardless of service type.

An organisation needs a single unified view to govern its data wherever it lives, spanning on-premises stores, multiple clouds, and SaaS applications, with automated data discovery, sensitive-data classification, and end-to-end data lineage. Which tool provides this?

• AAzure Policy, which governs Azure resource configuration, not data
• BMicrosoft Purview, which governs the data estate across all sourcescheck_circle Correct
• CMicrosoft Defender for Cloud, which manages cloud security posture
• DAzure Monitor, which collects operational telemetry from your resources

Why A is wrong: Azure Policy enforces rules on Azure resource configurations, which is a governance service, but it operates on resource settings rather than mapping and classifying the data estate, so it does not give a unified view of data.

Why B is correct: Correct. Microsoft Purview is a family of data governance solutions that brings insights about on-premises, multicloud, and SaaS data together into one view, building a current map of the data estate that includes classification and end-to-end lineage so sensitive data can be located and managed at scale.

Why C is wrong: Microsoft Defender for Cloud assesses security posture and surfaces protection recommendations, which is appealing for oversight, but its focus is security rather than discovering and classifying data across sources.

Why D is wrong: Azure Monitor gathers metrics and logs about how resources perform, which is broad visibility, but it covers operational telemetry rather than cataloguing, classifying, or tracing the lineage of data.

A start-up wants to run on infrastructure that is built and operated entirely by a third-party provider, is open to anyone willing to purchase services, and requires no capital outlay to add more capacity. Which cloud deployment model is being described?

• APublic cloud, owned and run by a third-party provider for any paying customercheck_circle Correct
• BPrivate cloud, dedicated to one tenant and reachable by any paying customer
• CHybrid cloud, interlinking a private cloud with a third-party provider
• DMulticloud, combining services from several third-party providers at once

Why A is correct: Correct. The defining trait of a public cloud is third-party ownership and operation with general availability to any purchaser, and because capacity is consumed on demand rather than bought up front there is no capital expenditure required to scale, which is exactly what the start-up wants.

Why B is wrong: A private cloud is used by a single entity and tempts candidates who hear 'maintained for customers', but it is not open to anyone who wants to purchase and it requires buying and maintaining hardware, so it fails the no-capital-outlay and general-availability clauses.

Why C is wrong: A hybrid cloud connects a private and a public cloud and looks attractive because a provider is involved, but it includes a private component the start-up never mentions and does not describe a model that is purely third-party operated and open to all.

Why D is wrong: Multicloud means using multiple public cloud providers together and draws candidates who fixate on the 'third-party' wording, but the scenario describes a single offering open to anyone rather than the deliberate use of more than one provider.